🗞️ In The News: HLB and DCAP Digital Collaborate to Boost SME Lending and Financial Inclusion with Cutting-Edge AI
Logo

Information Security Engineer

Technology Team

Summary: We are looking for an Information Security Officer to manage day-to-day security operations, vulnerability management, and compliance readiness. This role focuses on practical security hygiene and audit support, ensuring our systems remain secure, compliant, and well-documented as the business scales.

Location

Menara Suezcap

Job Scope

Key Responsibilities:

Security Operations & Vulnerability Management

  • Conduct internal vulnerability scans on web applications, servers, and endpoints
  • Track, prioritize, and follow up on findings from VAPT and security assessments
  • Coordinate remediation with developers and DevOps teams
  • Maintain a vulnerability and risk register with clear ownership and timelines

Endpoint, Access & Infrastructure Security

  • Monitor endpoint security tools (EDR / antivirus) and device compliance
  • Ensure disk encryption (BitLocker / FileVault) and baseline security controls are enforced
  • Review access controls, user permissions, and joiner–mover–leaver processes
  • Support basic log review and security monitoring activities

Compliance & Audit Readiness

  • Own and maintain security evidence for SOC 2 and internal audits
  • Maintain and update security policies (access control, incident response, DR, ISMS)
  • Support compliance alignment with PDPA, BNM RMiT, and SC GTRM requirements
  • Coordinate with external auditors and internal stakeholders during assessments

Secure Development & Risk Support

  • Work with engineering teams on secure coding practices and dependency risks
  • Ensure proper environment separation (development, staging, production) with DevOps team and Tech team
  • Promote secure handling of credentials, secrets, and configuration based on audit requirements

Incident & Risk Management

  • Assist in security incident response, investigation, and documentation
  • Maintain incident logs, post-incident reports, and corrective actions
  • Proactively raise security risks and misconfigurations to management

What This Role Is Not:

  • Not a penetration testing or red-team role
  • Not a 24/7 SOC analyst position
  • Not advanced malware research or threat hunting

Requirements

Required Qualifications:

  • 3 - 4 years of experience in IT, cybersecurity, system administration, or DevOps-adjacent roles
  • Working knowledge of web application security (OWASP Top 10)
  • Familiarity with vulnerability scanning tools (e.g. Nessus, OpenVAS, Burp basic)
  • Understanding of access control, endpoint security, and server hardening
  • Comfortable with documentation, audits, and compliance processes

Nice to Have:

  • Exposure to SOC 2 or ISO 27001
  • Cloud security fundamentals (AWS/GCP IAM, security groups)
  • Basic scripting or automation experience (Bash, Python)

Why Join Us:

  • Direct exposure to real-world fintech security and compliance
  • Opportunity to build sustainable security practices, not just checklists
  • Work closely with engineering and leadership on meaningful security decisions

AWS
We’re building some seriously cool tech – and we’re looking for passionate people to join us. Think that’s you? Send your CV to career@dcap.my
Share on Facebook Share on LinkedIn